Error with adding node to join worker node with master node

General Discussions
1

Asking for help? Comment out what you need so we can get more information to help you!

Cluster information:

Kubernetes version: 1.15
Cloud being used: (put bare-metal if not on a public cloud)
Installation method: kubeadm and kubectl
Host OS: CentOS Linux release 7.6.1810 (Core)
CNI and version: kubernetes-cni-0.7.5-0.x86_64
CRI and version: N/A

You can format your yaml by highlighting it and pressing Ctrl-Shift-C, it will make your output easier to read.

Initially there was an issue with the CoreDNS, as i could fix it i did kubeadm reset on the master node and trying to re-join the worker nodes. its not working from then and not able to add the nodes. below is the error.

kubeadm join 10.40.52.24:6443 --token 7efx1u.krn8sqa468ulx --discovery-token-ca-cert-hash sha256:7964431a03f1237127eb0a9774cb77c10a6d30423bdbe52a997d64

[preflight] Running pre-flight checks

[preflight] Reading configuration from the cluster…

[preflight] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -oyaml’

[kubelet-start] Downloading configuration for the kubelet from the “kubelet-config-1.15” ConfigMap in the kube-system namespace

[kubelet-start] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”

[kubelet-start] Writing kubelet environment file with flags to file “/var/lib/kubelet/kubeadm-flags.env”

[kubelet-start] Activating the kubelet service

[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap…

[kubelet-check] Initial timeout of 40s passed.

error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition

can someone help?

thank you.

2 
cat > openssl-worker-1.cnf <<EOF
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = worker-1
IP.1 = 1.2.3.4
EOF

make sure to generate certs with node group
openssl genrsa -out worker-1.key 2048
openssl req -new -key worker-1.key -subj "/CN=system:node:worker-1/O=system:nodes" -out worker-1.csr -config openssl-worker-1.cnf
openssl x509 -req -in worker-1.csr -CA ca.crt -CAkey ca.key -CAcreateserial  -out worker-1.crt -extensions v3_req -extfile openssl-worker-1.cnf -days 1000

you can get above root certs by running below ones ```

Create private key for CA

openssl genrsa -out ca.key 2048

Create CSR using the private key

openssl req -new -key ca.key -subj “/CN=KUBERNETES-CA” -out ca.csr

Self sign the csr using its own private key

openssl x509 -req -in ca.csr -signkey ca.key -CAcreateserial -out ca.crt -days 1000

if you want for admin or ccontroller manager to get certs defined then  try signing them with ```
# Generate private key for admin user
openssl genrsa -out admin.key 2048

# Generate CSR for admin user. Note the OU.
openssl req -new -key admin.key -subj "/CN=admin/O=system:masters" -out admin.csr

# Sign certificate for admin user using CA servers private key
openssl x509 -req -in admin.csr -CA ca.crt -CAkey ca.key -CAcreateserial  -out admin.crt -days 1000